This is an archive of the discontinued LLVM Phabricator instance.

Differential D77012

[analyzer] Fix StdLibraryFunctionsChecker NotNull Constraint Check
ClosedPublic

Authored by vabridgers on Mar 29 2020, 6:01 AM.

Details

Reviewers
martong
NoQ
Szelethus
Commits
rGdefd95ef4517: [analyzer] Fix StdLibraryFunctionsChecker NotNull Constraint Check
Summary

This check was causing a crash in a test case where the 0th argument was
uninitialized ('Assertion `T::isKind(*this)' at line SVals.h:104). This
was happening since the argument was actually undefined, but the castAs
assumes the value is DefinedOrUnknownSVal.

The fix appears to be simply to check for an undefined value and skip
the check allowing the uninitalized value checker to detect the error.

I included a test case that I verified to produce the negative case
prior to the fix, and passes with the fix.

Diff Detail

Event Timeline

vabridgers created this revision.Mar 29 2020, 6:01 AM
Herald added a project: Restricted Project. · View Herald TranscriptMar 29 2020, 6:01 AM
Herald added subscribers: ASDenysPetrov, Charusso, donat.nagy and 6 others. · View Herald Transcript
Harbormaster failed remote builds in B50860: Diff 253415!Mar 29 2020, 6:55 AM
NoQ accepted this revision.Mar 29 2020, 7:31 AM
NoQ added a reviewer: Szelethus.

Thanks!

@Szelethus can we make this checker depend on undefined value checker (probably CallAndMessage) so that uninitialized arguments were handled first? In fact, can we make a silent assumption that everything depends on core? If so we could eliminate all checks for undefined values in PreStmt and PreCall.

This revision is now accepted and ready to land.Mar 29 2020, 7:31 AM
vabridgers updated this revision to Diff 253419.Mar 29 2020, 7:43 AM

fix pre-merge lint checks

Harbormaster failed remote builds in B50862: Diff 253419!Mar 29 2020, 8:31 AM
vabridgers updated this revision to Diff 253434.Mar 29 2020, 10:27 AM

fix pre-merge lint checks

Harbormaster failed remote builds in B50871: Diff 253434!Mar 29 2020, 11:13 AM
Ka-Ka added a subscriber: Ka-Ka.Mar 30 2020, 1:43 AM
martong accepted this revision.Mar 30 2020, 2:39 AM

LGTM and thanks!

In D77012#1948550, @NoQ wrote:

Thanks!

@Szelethus can we make this checker depend on undefined value checker (probably CallAndMessage) so that uninitialized arguments were handled first? In fact, can we make a silent assumption that everything depends on core? If so we could eliminate all checks for undefined values in PreStmt and PreCall.

+1, we should really do that.

Szelethus added a comment.Mar 30 2020, 7:19 AM
In D77012#1948550, @NoQ wrote:

@Szelethus can we make this checker depend on undefined value checker (probably CallAndMessage) so that uninitialized arguments were handled first?

I'll drop some pointers to previous discussions: D67336#1928925, D69662#1891124. I took a look, the evaluation order indeed depends on the order of registration, and the order of registration can be controlled with checker dependencies.

In fact, can we make a silent assumption that everything depends on core? If so we could eliminate all checks for undefined values in PreStmt and PreCall.

I wouldn't be comfortable doing that before we can separate the modeling portions from the diagnostics.

[cfe-dev] [analyzer][RFC] Our stance on checker dependencies and disabling core checkers: http://lists.llvm.org/pipermail/cfe-dev/2019-August/063070.html

Szelethus accepted this revision.Mar 30 2020, 7:19 AM

Oh, yea, LGTM! Thanks!

Closed by commit rGdefd95ef4517: [analyzer] Fix StdLibraryFunctionsChecker NotNull Constraint Check (authored by vabridgers, committed by einvbri <vince.a.bridgers@ericsson.com>). · Explain WhyMar 30 2020, 12:31 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
clang/
lib/
StaticAnalyzer/
Checkers/
3 lines
test/
Analysis/
8 lines

Diff 253666

clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp

Show First 20 LinesShow All 184 Lines▼ Show 20 Lines class NotNullConstraint : public ValueConstraint {
using ValueConstraint::ValueConstraint; using ValueConstraint::ValueConstraint;
// This variable has a role when we negate the constraint. // This variable has a role when we negate the constraint.
bool CannotBeNull = true; bool CannotBeNull = true;
public: public:
ProgramStateRef apply(ProgramStateRef State, const CallEvent &Call, ProgramStateRef apply(ProgramStateRef State, const CallEvent &Call,
const Summary &Summary) const override { const Summary &Summary) const override {
SVal V = getArgSVal(Call, getArgNo()); SVal V = getArgSVal(Call, getArgNo());
if (V.isUndef())
return State;
DefinedOrUnknownSVal L = V.castAs<DefinedOrUnknownSVal>(); DefinedOrUnknownSVal L = V.castAs<DefinedOrUnknownSVal>();
if (!L.getAs<Loc>()) if (!L.getAs<Loc>())
return State; return State;
return State->assume(L, CannotBeNull); return State->assume(L, CannotBeNull);
} }
ValueConstraintPtr negate() const override { ValueConstraintPtr negate() const override {
▲ Show 20 LinesShow All 757 LinesShow Last 20 Lines

clang/test/Analysis/std-c-library-functions.c

Show First 20 LinesShow All 83 Lines▼ Show 20 Linesvoid test_fread_fwrite(FILE *fp, int *buf) {
size_t y = fread(buf, sizeof(int), 10, fp); size_t y = fread(buf, sizeof(int), 10, fp);
clang_analyzer_eval(y <= 10); // expected-warning{{TRUE}} clang_analyzer_eval(y <= 10); // expected-warning{{TRUE}}
size_t z = fwrite(buf, sizeof(int), y, fp); size_t z = fwrite(buf, sizeof(int), y, fp);
clang_analyzer_eval(z <= y); // expected-warning{{TRUE}} clang_analyzer_eval(z <= y); // expected-warning{{TRUE}}
} }
void test_fread_uninitialized(void) {
void *ptr;
size_t sz;
size_t nmem;
FILE *fp;
(void)fread(ptr, sz, nmem, fp); // expected-warning {{1st function call argument is an uninitialized value}}
}
ssize_t getline(char **, size_t *, FILE *); ssize_t getline(char **, size_t *, FILE *);
void test_getline(FILE *fp) { void test_getline(FILE *fp) {
char *line = 0; char *line = 0;
size_t n = 0; size_t n = 0;
ssize_t len; ssize_t len;
while ((len = getline(&line, &n, fp)) != -1) { while ((len = getline(&line, &n, fp)) != -1) {
clang_analyzer_eval(len == 0); // expected-warning{{FALSE}} clang_analyzer_eval(len == 0); // expected-warning{{FALSE}}
} }
▲ Show 20 LinesShow All 117 LinesShow Last 20 Lines